Speaking with many Project Managers that I’ve worked with over the years, I’ve come to notice that they find it difficult to appreciate the differences between a normal project manager and a Cyber Security Project Manager. So, I decided to look further and research more about Project Managers who deal with Cyber Security.
What is a Cyber Security Project Manager? A Cyber Security Project Manager is responsible for managing multiple security-related projects, generally as part of the InfoSec team. They work with other teams involved in the projects to ensure security measures are planned, tested and implemented, with any security risks either being mitigated or managed effectively depending on the risk’s severity.
Cyber Security Project Managers are specialized Project Managers who deal with security-related projects for the Information Security (InfoSec) department.
The security projects they work on can include executing plans to implement security tools, ranging from Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to Data Loss Prevention (DLP) and Logging, Monitoring and Alerting tools.
They can also be responsible for Incident Management, Vulnerability Management (including Patch Management) and Cyber Risk Management (using a Cyber Risk framework).
What does a Cyber Security Project Manager do?
A Cyber Security Project Manager is responsible for executing and managing projects involving security, generally on behalf of an organization’s Information Security (InfoSec) team.
Security-related projects range from implementing cyber security tools, information security (including data security) and vulnerability management to cyber incident management and cyber security testing. Cyber Security Project Managers will also manage the security risks using an appropriate Cyber Risk framework.
Other areas where Cyber Security Project Managers can get involved include running threat modelling workshops, running incident management, data security projects (encryption, obfuscation and anonymization) and Identity and Access Management (IAM) projects such as privileged access management (PAM), identity federation, Single Sign-On and Multi-Factor Authentication (MFA).
Cyber Security Tools
The planning involved in implementing Cyber Security tools is an area where Cyber Security Project Managers would be heavily involved. Picking a great security tool requires careful selection, with multiple vendors being assessed.
A Cyber Security Project Manager could facilitate vendor workshops, work with the security personnel to obtain their criteria for selection, be it a Request for Information (RFI) or Request for Purchase (RFP).
Once the appropriate security tools have been chosen, the Cyber Security Project Manager would then need to work out a plan that includes the people and teams involved, the timescales and any budgetary costs. Any risks highlighted would need to be assessed and, if they are cyber related, mitigated (or accepted), which would involve detailed planning too.
Vulnerability Management
All systems have vulnerabilities at some point in their lifecycle, and the Cyber Security Project Manager manages the regular reporting of vulnerabilities in an organization’s systems and services.
Once they have a vulnerability report, they work with other teams, including InfoSec, to understand the remediation activities required. They will then start planning to get these remediation activities in place so the vulnerability risks can be closed off, or escalated where limited remediation is available or other activities impede the remediation.
Security Testing
Security Testing such as Penetration Testing is another activity Cyber Security Project Managers can get involved in, where they get the applications teams, architects and the penetration testers together to determine the scope of the penetration testing.
On the occasions where I haven’t had the luxury of a Cyber Security Project Manager to do this for me, I’ve had to arrange the meetings, along with the calls with the penetration testing teams, usually third party testing companies.
Cross train into Cyber Security
Many technical people with limited cyber security knowledge can cross train into roles involving cyber security. This includes project managers who, with suitable training, can end up becoming Cyber Security Project Managers.
Generally, the cross training activities for project managers will not be as detailed as those for a technical person wanting to become a Cyber Security Architect or Cyber Security Analyst.
Cyber Security Project Managers, as stated earlier in this article, only need to have a high-level understanding of cyber security; they don’t need to know the level of detail a security architect or a security analyst needs to have, simply because they will be planning and managing cyber security activities and not making the actual cyber security decisions.
What skills does a Cyber Security Project Manager need to have?
A Cyber Security Project Manager needs to have good project management skills along with a good understanding of Cyber Security, including being knowledgeable on appropriate Risk frameworks for Cyber Security.
A Cyber Security Project Manager does the planning and project management duties, relying on the security expertise of security analysts and security architects to make the security decisions.
They do not make the security decisions themselves and instead are facilitators, working with the teams involved to ensure the planning items are implemented as expected and to budget.
Cyber Security Tools
There are a number of Cyber Security Tools a Cyber Security Project Manager can be involved in planning for. Their planning will not only ensure these tools are delivered on time and within budget, but also that they work as expected and keep the organization secure.
Common Cyber Security Tools Cyber Project Managers can get involved in planning for include:
- Web Application Firewalls (WAF)
- Anti-DDoS
- Antimalware & Antivirus
- Intrusion Detection Systems (IDS)
- Intrusion Prevention Systems (IPS)
- Logging, Monitoring and Alerting
- SOC/SIEM Integration
- Data Loss Prevention (DLP)
SOC/SIEM integration
Larger scale projects will see Cyber Security Project Managers involved in integration planning work, where new systems are integrated wholesale into existing security services provided by a Security Incident Event Management (SIEM) service and the Security Operations Center (SOC).
The SIEM is a massive ingester of logs from different parts of the business and uses its threat intelligence to work out any suspect behaviors highlighted through its log analysis activities. The suspect activities are flagged up to the people who work as part of the SOC, who then decide what action to take, based on their previously agreed processes and policies.
Integrating with a SIEM and SOC is a large piece of work requiring excellent planning and execution skills, and this is where the Cyber Security Project Manager is an important asset in getting this done. Otherwise, any failures in correctly integrating could lead to malicious events being missed, which could put the organization at serious risk of harm from hackers.
Vulnerability Management
Cyber Security Project Managers will be involved in ensuring their planning includes the elements of the project involved with determining what the vulnerabilities are. These could include specialist tools to check systems and, if these are not in place, the Cyber Security Project Manager would need to come up with a plan for their implementation.
The Cyber Security Project Manager would work with Cyber Security Architects and Analysts to plan any remediation work required, the teams involved in completing the remediation, and any security testing requirements or other forms of testing such as regression testing.
Information Security
Cyber Security Project Managers will be heavily involved in projects around information security, where the outcome of these projects is to ensure data is secured and protected, so that only those who are authorized to have access to the data have access to it, thereby preserving the Confidentiality, Integrity and Availability of the data.
The security projects to maintain information security could include encryption, where data is encrypted where it’s stored and as it travels. This may not be the case to start off with: where data is left unencrypted, the Cyber Security Project Manager will then run a project to ensure the data is encrypted wherever it resides.
Cyber Security Risk Management
Good project managers are adept at managing project risks and issues; likewise, a Cyber Security Project Manager needs the same level of risk management skills. They will be logging risks and issues that could affect the security posture of an organization, ensuring any remediation activities are progressed, and reporting back to senior stakeholders from the project on the status of the cyber security risks.
Threat Modeling
Threat modeling workshops are another area where Cyber Security Project Managers can get involved. They bring together the programmers, developers and architects and run a workshop using a threat modeling framework like STRIDE, which is an abbreviation of Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege.
Cyber Incident Management Planning
Organizations need an effective plan to deal with incidents like a cyber attack leading to unauthorized access. These plans are known as Incident Response plans and require the coming together of different teams to develop.
A Cyber Security Project Manager can be involved in planning how these different teams can come together to realize the incident response plan, as well as planning any test activities, like dry runs of the incident response plan to see how effective it is in practice.
Incident Management
With a ‘live’ incident, there will need to be activities planned to deal not only with the incident itself but also with the remediation work. So a breach in a network perimeter will require coordination to ensure the network can be switched off temporarily whilst an assessment of the cyber attack damage is done.
There will also be activities involved in dealing with production applications not being able to service the organization’s customers, as the firewall is not allowing traffic through because it’s been shut down temporarily.
The remediation activities to make sure the network perimeter is protected from further breaches will need to be planned and managed by the Cyber Security Project Manager.
Whilst many organizations are large enough to have dedicated incident management personnel, smaller organizations may elect their Cyber Security Project Manager to run with any incident. Usually, when the incident management process is started, a dedicated Incident Manager is contacted and they run the incident management process, delegating out responsibilities to all the relevant people and teams on the incident management call.
The incident manager works from the incident management response plan and some of these responsibilities will fall to the Cyber Security Project Manager, especially if one of the security services involved is in question and requires remediation. The Cyber Security Project Manager will need to be able to work out a plan for any remediation work, including the people and teams involved.
Where the Cyber Security Project Manager is acting as the incident manager, they will need to run the incident management effectively and also look at the remediation activities coming up as actions to the detailed incident response plan. They could work on planning the remediation activities or delegate these to other personnel.
Wrap Up
A Cyber Security Project Manager is an important part of Cyber Security, dealing with security-related projects, where they are responsible for planning them and then executing the plans they have created.
Cyber Security Project Managers get involved in everything from planning Cyber Security tool deployments and vulnerability management to threat modeling and keeping information secure and protected.